Analysis

max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 13:21

Static task: static1

Behavioral task: behavioral1
Sample: a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General

Target: a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
Size: 79KB
MD5: a4ca571b00a993e1ac9afcf706c992f0
SHA1: 516037c19deca4c659cb4d33df548e770c8ea748
SHA256: ebeb3e34d33da5624f70dfd802bc71ccc64dbc0602f0f8f9495a1cfa154fc0ef
SHA512: a4a86d78c4d68209b5645affeb6a0481b9cedc464d5b1ff8c70b07f11359f6a2c3b221f170bfde037f9e2fad2f560cb5bf788d085b5fc7df73485942e6b160cc
SSDEEP: 1536:zvJRAT+S0kaNVu9TOQA8AkqUhMb2nuy5wgIP0CSJ+5y/AB8GMGlZ5G:zvJR6Z0FNVuUGdqU7uy5w9WMyYN5G
Malware Config

Signatures

Executes dropped EXE (1 IoC)
pid    Process
2896   [email protected]

Loads dropped DLL (2 IoCs)
pid    Process
2852   cmd.exe
2852   cmd.exe

Suspicious use of WriteProcessMemory (8 IoCs)
description                          pid    Process                                               procid_target
PID 2732 wrote to memory of 2852     2732   a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe   29
PID 2732 wrote to memory of 2852     2732   a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe   29
PID 2732 wrote to memory of 2852     2732   a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe   29
PID 2732 wrote to memory of 2852     2732   a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe   29
PID 2852 wrote to memory of 2896     2852   cmd.exe                                               30
PID 2852 wrote to memory of 2896     2852   cmd.exe                                               30
PID 2852 wrote to memory of 2896     2852   cmd.exe                                               30
PID 2852 wrote to memory of 2896     2852   cmd.exe                                               30
Processes

1. C:\Users\Admin\AppData\Local\Temp\a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe"
   PID: 2732
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c [email protected]
      PID: 2852
      Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory

      3. C:\Users\Admin\AppData\Local\Temp\[email protected]
         PID: 2896

Note: the command line for PID 2852 names C:\Windows\system32\cmd.exe but the image that ran is C:\Windows\SysWOW64\cmd.exe. The sample is a 32-bit process (see the arch:x86 resource tag), so WoW64 file-system redirection maps system32 to SysWOW64; the parent did not pick the 32-bit shell explicitly. The chain is therefore: sample in the user's Temp directory drops a second 79KB executable into the same directory and runs it through cmd.exe /c, and the WriteProcessMemory rows in Signatures correspond to the two process creations (2732 -> 2852 and 2852 -> 2896).
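The process tree above is the classic drop-and-execute pattern: an executable running out of a user's Temp directory launches cmd.exe /c, and cmd.exe launches a second executable from Temp. The following is an added example, not part of the sandbox report or of the sample, that reconstructs a process tree from process-creation events and flags exactly that chain. The event records are constructed here to mirror the report's PIDs and paths (plus one benign cmd.exe for contrast); the field names pid, ppid, image and cmdline are an assumed minimal schema, not a real Sysmon or EDR format, and the dropped file's name is kept as the page shows it.

```python
"""Flag Temp-exe -> cmd.exe /c -> Temp-exe process chains.

Added example, not code from the report. The EVENTS list is constructed
to mirror the report's process tree; the (pid, ppid, image, cmdline)
schema is an assumption, not a vendor log format.
"""
import re
from collections import defaultdict

# Constructed events: the three processes from the report plus one
# interactive cmd.exe started by an unrelated parent (benign noise).
EVENTS = [
    {"pid": 2732, "ppid": 1234,
     "image": r"C:\Users\Admin\AppData\Local\Temp\a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe"'},
    {"pid": 2852, "ppid": 2732,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c [email protected]"},
    {"pid": 2896, "ppid": 2852,
     "image": r"C:\Users\Admin\AppData\Local\Temp\[email protected]",
     "cmdline": r"C:\Users\Admin\AppData\Local\Temp\[email protected]"},
    {"pid": 3100, "ppid": 1234,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe"'},
]

# Per-user Temp directory on any drive letter; case-insensitive like NTFS.
USER_TEMP = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
CMD_IMAGE = re.compile(r"\\cmd\.exe$", re.IGNORECASE)
CMD_C_SWITCH = re.compile(r"(^|\s)/c\s", re.IGNORECASE)


def in_user_temp(path):
    """True when the image path lives under a user's AppData\\Local\\Temp."""
    return USER_TEMP.match(path) is not None


def is_cmd_c(event):
    """True for a cmd.exe process whose command line carries the /c switch."""
    return (CMD_IMAGE.search(event["image"]) is not None
            and CMD_C_SWITCH.search(event["cmdline"]) is not None)


def build_tree(events):
    """Index events by pid and group them by parent pid."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    return by_pid, children


def find_temp_drop_chains(events):
    """Return (dropper_pid, cmd_pid, payload_pid) for every chain where an
    executable in user Temp spawns cmd.exe /c, which spawns a different
    executable in user Temp."""
    _, children = build_tree(events)
    hits = []
    for dropper in events:
        if not in_user_temp(dropper["image"]):
            continue
        for cmd in children[dropper["pid"]]:
            if not is_cmd_c(cmd):
                continue
            for payload in children[cmd["pid"]]:
                if (in_user_temp(payload["image"])
                        and payload["image"].lower() != dropper["image"].lower()):
                    hits.append((dropper["pid"], cmd["pid"], payload["pid"]))
    return hits


def is_wow64_redirected(event):
    """True when the command line asked for system32 but the image that ran
    is under SysWOW64: a 32-bit parent hit WoW64 file-system redirection."""
    return ("\\syswow64\\" in event["image"].lower()
            and "\\system32\\" in event["cmdline"].lower())


if __name__ == "__main__":
    for dropper, cmd, payload in find_temp_drop_chains(EVENTS):
        print(f"drop-and-execute chain: {dropper} -> {cmd} -> {payload}")
```

The match requires the payload image to differ from the dropper's, so a Temp-resident installer that re-launches itself through cmd.exe does not fire; the WoW64 check is separate because redirection on its own is not suspicious, it only tells you the parent is 32-bit.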
Network
MITRE ATT&CK Matrix
Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: d6e7952bf291674b6ce13176de08ef7f
SHA1: 9d7d97f6690b9632e994ca611a891d82156e2d86
SHA256: 80e20107d0bbc3e63123d2b2df9115ffb28a465bb9de759329035dc935227f02
SHA512: af438d2e145ca46ba7a416dd1b98c86a9fb9efcde5814e76c05c37e2ac5aba488d21b510ee870bf616367d084b3594134644f420790b526f5c1edbfa5e496845